Security News, Articles and Updates

North Korea 'elite' tightening security, increasing obfuscation, abandoning Western social media

North Korea's ruling elite has boosted their operational security procedures and migrated away from Western social media, according to a report from Recorded Future.

An inconvenient truth - DevSecOps operate in silos, separated from security

Some 35 percent of developers receive no formalised training on secure coding practices and many organisations bolt security on to the end of the development lifecycle from a team in another silo.

Orangeworm attacks X-Ray machines in campaign spanning UK, Europe, US

A new attack group - Orangeworm - targeting the healthcare sector and related industries has been spotted by security researchers from Symantec.

Cisco patches vulnerability in WebEx

A Cisco security advisory is warning users of a vulnerability in the firm's WebEx Meetings and WebEx Meetings Server that could allow a remote attacker to execute arbitrary code on their system.

Combat cryptojacking - avoid insecurely configured Kubernetes clusters

Unfortunately there is a lack of knowledge and governance in many businesses around Kubernetes which in turn has created gaps in their security, but there are 3 key ways that organisations can keep their Kubernetes clusters secure.

IoT botnet actively exploiting Drupal CMS bug

Botnet uses compromised systems to spread infection. Security researchers have discovered a large botnet that is using a severe flaw in the Drupal CMS in order to infect other systems.

New hacker groups emerging in Asia and in the Middle East, finds Kaspersky

Security researchers observed a noticeable spurt in the activities of advanced persistent threat (APT) groups based in certain parts of Asia and in the Middle East during the first three months of the year.

RSA: Intel announces new chip designs with built-in security

Intel Monday announced three new measures that will be implemented in a future chip designed to bake security into the hardware following last year's Spectre/Meltdown vulnerability.

Financial services industry most targeted with malware for second year

For the second year in a row, the financial services industry tops the charts as the most targeted industry with the highest volume of security incidents and the third highest volume of cyber-attacks.

15 security expectations for suppliers and business partners

By now it's clear most corporate people understand that the security posture of business partners and third parties has become a top priority.

Juniper patched multiple vulnerabilities

Juniper Networks released more than a dozen security updates to patch a wide range of issues including two denial-of-service vulnerabilities and one for remote code execution.

How safe are apps built on Open Source? Is security traded for efficiency?

Many enterprises are embracing Open source software (OSS) at a fast pace, but do such software solutions match up against enterprises' internal applications when it comes to security, robustness, maintainability, and efficiency?

Improving poor IT security and data compliance needn't be hard

If your company doesn't have the internal resources and IT expertise to ensure IT systems are secure and up-to-date then you have the option of outsourcing IT at a reasonable price to a managed services provider.

21% of serverless applications feature critical vulnerabilities

An audit of 1,000 open-source serverless applications carried out by serverless security company PureSec has revealed that 21 percent of such applications feature critical security vulnerabilities that can be exploited.

Hackers using flaw in Cisco switches to attack

US Homeland Security warned Russian state actors behind attacks on US energy grid. Security researchers have warned that hackers are using badly-configured Cisco switches to gain entry into the infrastructure of organisations.

Would you like productivity, or security?

When engineers work on a new invention, they focus on "getting it to work". This imperative precedes the need to "make it safe".

Credential stealer masquerades as security product

Malware impersonates Kaspersky antivirus. Security researchers have found malware that steals credentials while pretending to be anti-virus software from Kaspersky.

Newest Apple releases squash bugs in iOS, macOS, Safari, various apps

Apple addressed a bevy of security bugs late last week, after issuing updated versions of its current operating systems, Safari browser and several core apps, as well as security enhancements for two older OS offerings.

Despite risks, a majority of firms are allowing the use of Wi-Fi hotspots

While experts have warned about the perils of connecting to unsecured public Wi-Fi hotspots in the past, new research has revealed that organisations are suffering more from security issues than in the past.

Grindr flaws spill personal info on users, reveals locations

Security flaws in Grindr can expose the personal information and location of its three million or so users.

Build security into the fabric of your organisation

Use the lessons learned from past attacks, ensure security is a high priority in the organisation and train staff appropriately, plus source solutions that are both reputable, transparent and independently audited.

GhostMiner uses fileless technique to mine coins

Security researchers have discovered a new form of cryptocurrency miner that uses fileless malware to install itself on systems. The malware also removes other miners.

Protecting your 'digital jewels' from new public cloud threats

The problem with placing your organisation's digital crown jewels in the public cloud is that you must rely on the CSP's own security controls to identify and stop attackers.

Drupal advises be on lookout for highly critical release

Drupal is calling its users to be on standby for the announcement of a highly critical release on 28 March that will address issues in Drupal 7 and 8.

Planes, trains and automobiles: the importance of privacy and data security

The fact is that 'shoulder-surfing' or 'visual hacking' is a threat to organisational data that is just as serious as any other, and not one to be ignored.

New Fakebank malware variant intercepts calls on Android smartphones

Malware active in South Korea, redirects calls to scammers. Security researchers have discovered a new variant of the Fakebank malware.

GrayKey raises security concerns with iPhone unlocking device

A product made by Cellebrite competitor GrayKey is raising security concerns over a standalone device capable of unlocking iPhones.

Two East Asian APT groups stage cyber-espionage attacks

OceanLotus hits targets in Southeast Asia, while PlugX malware steals pharmaceutical data. APT groups are targeting high-profile corporate and government targets in Southeast Asia, security researchers have discovered.

Researchers claim AMD processors are riddled with critical flaws

Researchers at CTS Labs are accusing computer chip manufacturer Advanced Micro Devices (AMD) of disregarding "fundamental security principles" and overlooking "poor security practices and insufficient quality controls."

Middleboxes in Turkish telecom redirecting users to nation-state spyware

Security researchers have uncovered how deep packet inspection middleboxes are being used either to expose Turkish nationals to nation-state spyware or to redirect Egyptian Internet users to ads and browser cryptocurrency.